CVE-2021-20780: 
WordPress vulnerability analysis and mitigation

Cross-site request forgery (CSRF) vulnerability was discovered in WPCS - WordPress Currency Switcher version 1.1.6 and earlier. The vulnerability was identified and reported by Mizuki Takagi from the Cryptography Laboratory at Tokyo Denki University. The issue was disclosed on July 6, 2021, and assigned CVE-2021-20780 (JVN Report).

The vulnerability is classified as a Cross-Site Request Forgery (CWE-352) issue. According to the CVSS v3.1 scoring, it received a base score of 4.3 with the following vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability requires user interaction (UI:R) and can be exploited through network access (AV:N) with low attack complexity (AC:L) (JVN Report).

If successfully exploited, the vulnerability could allow remote attackers to hijack the authentication of administrators. When a user with administrative privileges views a malicious page while logged into the affected system, unintended operations may be performed on their behalf (JVN Report).

Users are advised to update the WPCS - WordPress Currency Switcher plugin to a version newer than 1.1.6. The vulnerability was addressed in subsequent releases of the plugin (JVN Report, Plugin Site).